The Digital Advertising Alliance (DAA), a coalition of leading advertising trade groups and companies from a variety of industries that has been advancing a self-regulatory approach to online privacy, is rolling out a set of principles to cover the mobile Web.
Formed in 2010, the DAA has pushed the Advertising Option icon to sites across the Web. That icon, which today garners some 1 trillion impressions a month, invites consumers to click to learn about the various companies involved in serving the ad, what information is being collected and how they can limit it.
The Growing Need for a Set of Privacy Guidelines for the Mobile World
Now, with smartphones becoming the device of choice for many users to access the Web, the group is planning to bring a similar set of guidelines to the mobile world.
"What we're hoping to do is basically bring that kind of transparency, that kind of control, over to the mobile Web and the mobile app environment," Lou Mastria, managing director of the DAA, said in an interview with CIO.com.
(International Data Group, the publisher of CIO.com, is one of the companies that participates in the DAA's self-regulatory privacy framework.)
The rollout comes amid continued scrutiny into the practices of online advertisers, ad-tech companies and data brokers, with some members of Congress advocating for legislation to codify a set of privacy protections. Federal officials at the Department of Commerce and the Federal Trade Commission have also been probing industry practices.
The DAA has been an active voice in those discussions, serving as a consistent advocate for strong but self-regulatory guidelines. To critics skeptical that the industry can effectively regulate itself, the group points to its enforcement mechanism through which the Better Business Bureau (BBB) and Direct Marketing Association (DMA) hold firms to account with the threat of referring violators to the FTC or other government authorities. To date, the BBB and DMA have taken public action on 19 companies for violating the DAA's rules, each of which resulted in the firms coming into compliance, according to Mastria.
"Our enforcement authority's pretty muscular," he says.
DAA Calls for Privacy Notice and Controls Over Personal-Directory Data
Now, the group is setting its sights on the mobile Web, with plans to draft rules governing privacy notice and controls for data that is shared across multiple applications, location-based information and the photos, text logs and other content that users create--what the DAA calls personal-directory data.
The new guidelines will largely be an extension of the framework the DAA developed for the desktop, including transplanting the ad options icon to the small screen and making privacy disclosures more accessible to users.
Today's release is just the beginning of the process. With the rollout of the principles, the DAA "is really putting everyone on notice" that new rules will be forthcoming, Mastria says. Then, between six months to a year from now, the DAA plans to publish its implementation guidelines and the rules will become enforceable. In the meantime, the trade associations that comprise the DAA will conduct what Mastria says will be a vigorous campaign of outreach and education to help their member companies prepare for the mobile privacy framework. The DAA is also planning to develop an app to help consumers manage their privacy preferences across the mobile Web.
Ahead of those more technical guidelines, Mastria says he is unable to comment on the specific mechanisms of the mobile privacy framework, but notes that its intention is effectively to give consumers the ability to shut off data sharing across multiple applications, and keep their location and personal directory data private.
The DAA says that it plans eventually to consolidate the past guidance it has offered for online behavioral advertising and data collection across multiple sites with the mobile framework for a single set of principles.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about privacy in CIO's Privacy Drilldown.